rspec/rules/S2819/rationale.adoc

Without origin verification, the target website cannot distinguish between legitimate requests from its own pages and malicious requests from an attacker's site. The attacker can craft a malicious website or script that sends requests to a target website where the user is already authenticated.

This vulnerability class is not about a single specific user input or action, but rather a series of actions that lead to an insecure cross-origin communication.
Modify rule S2819: Change text to education framework format (APPSEC-1208) (#3339) ## Review A dedicated reviewer checked the rule description successfully for: - [ ] logical errors and incorrect information - [ ] information gaps and missing content - [ ] text style and tone - [ ] PR summary and labels follow [the guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule) 2023-10-24 09:05:18 +02:00			`Without origin verification, the target website cannot distinguish between legitimate requests from its own pages and malicious requests from an attacker's site. The attacker can craft a malicious website or script that sends requests to a target website where the user is already authenticated.`

			`This vulnerability class is not about a single specific user input or action, but rather a series of actions that lead to an insecure cross-origin communication.`